CVE-2017-8381
https://notcve.org/view.php?id=CVE-2017-8381
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in "Browser" mode, because of a "User Mode Write AV near NULL" in XnView.exe. XnView Classic para Windows versión 2.40, permite que los atacantes remotos asistidos por el usuario ejecuten código por medio de un archivo .mkv especialmente diseñado que se maneja inapropiadamente durante la apertura de un directorio en el modo "Browser", debido a un "User Mode Write AV near NULL" en el archivo XnView.exe. • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-9909
https://notcve.org/view.php?id=CVE-2017-9909
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a." XnView Classic para Windows en su versión 2.40 permite a un atacante remoto causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante un archivo .fpx manipulado, relacionado a "Data from Faulting Address controls Branch Selection comenzado en ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-10770
https://notcve.org/view.php?id=CVE-2017-10770
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x000000000000053a." XnView Classic para Windows versión 2.40, podría permitir a los atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x000000000000053a". • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10770 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-9906
https://notcve.org/view.php?id=CVE-2017-9906
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508." XnView Classic para Windows en su versión 2.40 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante una archivo .fpx manipulado, relacionado a "Data from Faulting Address es usado como uno o más argumentos en una subsecuencia Function Call comenzando en Xfpx!gffGetFormatInfo+0x0000000000028508." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-10757
https://notcve.org/view.php?id=CVE-2017-10757
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6." XnView Classic para Windows versión 2.40, podría permitir a los atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6". • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10757 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •